Brett's Ramblings
How easy (or difficult) is it to build a WinFE with WinBuilder?
An easy quickstart guide to build your WinFE ISO...
1) Extract WinBuilder to the root of your C:/ drive
2) Run WinBuilder
3) Click 3 buttons and you are done.
If you want more features, such as additional programs, network support, audio, more drivers, customized wallpaper, create a bootable WinFE flashdrive, etc..., then you just need to push a few more buttons. Download and read the write up (Users Guide to WinFE) for details on adding features. It's just as easy as pushing the 3 buttons.
These screenshots show all that is needed. Now, after looking at what is needed to create your WinFE, what is the reason you haven't started yet?.....
 is it to build a WinFE with WinBuilder?)
About the author
Comments 11
I thought the main purpose of a 'WinFE' is to be able to view/browse a system after booting to a 'WinFE' environment which prevents changes to the hard drive.
I ran WinBulder according to the instructions in this post, but have a question.
After running and watching the creation of the boot ISO for WinFE I didn't see anything that leads me to believe that my run of WinBuilder [082] is a WinFE and not just a WinPE.
What part of running WinBuilder makes this a "WinFE" and not just a "WinPE"?
The modification of the two registry keys make it forensic. Set up WinBuilder with the WinFE scripts to modify the registry, or build with the batch files via command line. Boot to the WinFE you create and test to ensure the write protection works. You'll need to use DiskPart via the command line in WinFE to toggle the drives on/offline to test. You can also look at the modified WinFE registry keys to ensure the keys were modified.
I have created a boot CD using WinBuilder, 'VistaCAPI v.12' using Vista DVD and booted a PC to it and the hard drive was mounted RW by default. Also, I can find no were in the GUI were I can set an HD to read-only.
It would seem that there must be a different download of WinBuilder for a 'WinFE' build.
The script now in the box.net site (and on reboot.pro) configures the WinPE to FE. There is no GUI in WinFE that toggles drives on/offline. There is a GUI that Microsoft is reviewing to be released, but until that time, you must use the command line tool "DiskPart". Instructions are in the how to use winfe paper.
When following the links from the download menu (on this site), one just ends up the the WinBuilder site, were there is little mention of a 'WinFE' build that can be downloaded. Every link I found for 'WinFE_Builder.zip' leads back to the main download.
Is there a WinBuilder 'project', 'add-on', etc. that will modify the build so that the hard drives on the target PC are 'read-only'?
Still cannot find the winfe winbuilder script. What do you mean 'I put the script in the box.net on this site'? I have Googled 'site:box.net +winfe' and got nothing. Cannot find the winfe script listed anywhere in the 'downloads' and have searching/reading posts on the reboot.pro site for 'winfe' for over an hour and still haven't found the script.
Tried making my own, and puttiing it in the 'tweaks' folder but when I start WinBuilder backup the 'WinFE' doesn't appear in the llist.
Here's my "winfe.script":
[main]
Title=Win-FE
Type=Script
Selected=True
Level=7
[Process]
RegHiveLoad,Tmp_System,%RegSystem%
REG ADD HKLM\WINFE2\ControlSet001\Services\MountMgr /v NoAutoMount /t REG_DWORD /d 1 /f
REG ADD HKLM\WINFE2\ControlSet001\Services\partmgr\Parameters /v SanPolicy /t REG_DWORD /d 3 /f
RegHiveUnLoad,Tmp_System
Any suggestions? BTW, thanks for the fast response!
Posts List
Tag Cloud
Search Blog
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!
© 2019 Brett Shavers